package com.kelvem.saas.workbanch.security.shiro;

import jakarta.servlet.Filter;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

@Configuration
public class ShiroConfig {

    @Bean
    public Realm realm() {
        return new JwtRealm();
    }

//    @Bean
//    public JdbcRealm jdbcRealm(CustomHashedCredentialsMatcher matcher) {
//        JdbcRealm jdbcRealm = new JdbcRealm();
//        jdbcRealm.setDataSource(dataSource());
//        jdbcRealm.setAuthenticationQuery("SELECT password, salt FROM users WHERE username = ?");
//        jdbcRealm.setRoleQuery("SELECT role FROM user_roles WHERE username = ?");
//        jdbcRealm.setPermissionsLookupEnabled(true);
//        jdbcRealm.setCredentialsMatcher(matcher);
//        return jdbcRealm;
//    }

    @Bean
    public SecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(realm());
        return securityManager;
    }

    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();

        shiroFilterFactoryBean.setSecurityManager(securityManager);

        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        // Define your URL patterns and corresponding filters
        // Add the login endpoint to the whitelist
        filterChainDefinitionMap.put("/sysUser/v1/login", "anon");
        filterChainDefinitionMap.put("/bizPage/v1/queryMenuByToken", "roles[default]");

//        // 数据库权限
//        Map<String, String> urlRoleMap = shiroUserService.queryAllOrgUrlMap();
//        for (String url : urlRoleMap.keySet()) {
//            filterChainDefinitionMap.put(url, "roles[" + urlRoleMap.get(url) + "]");
//        }
        // 防止未配置地址
        filterChainDefinitionMap.put("/**", "roles[admin]");

        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);

        // 添加自己的过滤器并且取名为jwt
        Map<String, Filter> filterMap = new HashMap<>(1);
        filterMap.put("roles", new JwtFilter());
        shiroFilterFactoryBean.setFilters(filterMap);

        return shiroFilterFactoryBean;
    }

//    /**
//     * 下面的代码是添加注解支持
//     * @return
//     */
//    @Bean
//    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
//        DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
//        defaultAdvisorAutoProxyCreator.setProxyTargetClass(true);
//        /**
//         * 解决重复代理问题 github#994
//         * 添加前缀判断 不匹配 任何Advisor
//         */
//        defaultAdvisorAutoProxyCreator.setUsePrefix(true);
//        defaultAdvisorAutoProxyCreator.setAdvisorBeanNamePrefix("_no_advisor");
//        return defaultAdvisorAutoProxyCreator;
//    }
//
//    @Bean
//    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
//        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
//        advisor.setSecurityManager(securityManager);
//        return advisor;
//    }
}
